PGP implementation in the RIPE DB software
Laurent Joncheray
Thu Oct 27 22:31:33 CET 1994
I've ported PGP into the RIPE DB software as an authentication method for the maintainer stuff. Here is a summary of what I did so far. If you're interested in that work and want me to include my extension into the RIPE DB software please let me know. It's working and really easy to use.

-- Laurent

PS: all files available on request.

-----------------------------------------------------------------------------

PGP implementation in the RIPE software. Summary.
lpj. 10/27/94

Authentication of the maintainer using PGP is defined by the 'auth' attribute. The value is 'PGP-FROM <pgp-user-id>'.

Example:

    mntner:  LPJ
    descr:   The Boss
    admin-c: DK58
    tech-c:  MT2
    tech-c:  TB230
    upd-to:  lpj at merit.edu
    mnt-nfy: lpj at merit.edu
    auth:    PGP-FROM lpj at merit.edu
    mnt-by:  LPJ
    changed: lpj at merit.edu 941026

The user 'lpj at merit.edu' should have registered his PGP public key in the RR. He should sign all updates sent by mail to the RR with his secret key.

Implementation:

The mail is piped through two processes: 'pgp.pl' and 'dbupdate'. 'dbupdate' is the RIPE tool to process updates from the mail. 'pgp.pl' is a Perl script which checks the validity of the signature and 'unsigns' the mail. If the signature is OK, pgp.pl adds a new line in the mail header with the user ID of the PGP-certified sender. It also adds an error code. For example, after processing by pgp.pl the mail looks like:

    From: Laurent Joncheray <lpj at merit.edu>
    Subject: test 26
    To: lpj at fox.merit.edu
    Date: Thu, 27 Oct 1994 13:00:04 -0400 (EDT)
    X-pgp-signature: lpj at merit.edu
    X-pgp-error: 0

    [...]

All the PGP envelope has been stripped. pgp.pl reads the signed mail from stdin and writes the unsigned mail to stdout.

The dbupdate tool authenticates the maintainer by comparing the 'X-pgp-signature' line with the PGP user ID provided in the auth attribute of the maintainer object.

How to generate a secret/public key

Cf. [PGP]. To sum up: use 'pgp -kg'.

How to register a public key

Cf. [PGP]. To sum up: generate the public key from your key ring by using 'pgp -kxa <your-pgp-user-id> <file-where-to-store-the-key>'. Send <file-where-to-store-the-key> to the RR manager. The RR calls the user to check the public key (with the key's fingerprint) and certifies it.

A.O.B

The RR needs to agree on who owns the public keys (here it's the user ID under which dbupdate is run).

Files:

    src/syntax.pl:       hacked version to support the PGP-FROM authentication method.
    src/maintainer.pl:   hacked version to support the PGP-FROM authentication method.
    src/pgp.pl:          the PGP mail filter.
    src/dbupdate.sh:     a sh script which pipes the mail through pgp.pl and dbupdate[.pl]
    doc/ripe-120++.txt:  modified version of ripe-120.txt with support of the PGP-FROM method
    README.PGP:          this file

References:

[PGP] MIT PGP 2.6.1, ftp://net-dist.mit.edu/pub/PGP/README :-)

-------- Logged at Fri Oct 28 17:50:14 MET 1994 ---------
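
The header hand-off between pgp.pl and dbupdate described in the message above, sketched in Python as an added example; it is not the author's Perl code. The function names, the non-zero error value and the removal of X-pgp-* headers already present in the incoming mail are assumptions of this example, and the PGP signature check itself is taken as an input.

```python
import email
import re

SIG, ERR = "X-pgp-signature", "X-pgp-error"

def mark_verified(raw_mail, verified_uid, error_code):
    """Output stage of a pgp.pl-style filter (the signature check is not shown).

    verified_uid is the user ID PGP reported for a good signature, or None.
    """
    msg = email.message_from_string(raw_mail)
    # Assumption of this example: drop any copies that arrived with the mail,
    # so the only X-pgp-* headers left are the ones written here.
    del msg[SIG]
    del msg[ERR]
    if verified_uid is not None:
        msg[SIG] = verified_uid
    msg[ERR] = str(error_code)
    return msg.as_string()

def pgp_from_ids(mntner_text):
    """User IDs named by 'auth: PGP-FROM <id>' lines of a maintainer object."""
    pattern = r"^auth:[ \t]*PGP-FROM[ \t]+(.+)$"
    return [m.group(1).strip() for m in re.finditer(pattern, mntner_text, re.M)]

def authorized(filtered_mail, mntner_text):
    """dbupdate-side check: the filter-written ID must match the auth attribute."""
    msg = email.message_from_string(filtered_mail)
    sigs = msg.get_all(SIG, [])
    errs = msg.get_all(ERR, [])
    if len(sigs) != 1 or errs != ["0"]:
        return False  # header missing, duplicated, or verification failed
    return sigs[0].strip() in pgp_from_ids(mntner_text)

# Constructed sample data, modelled on the objects shown in the message.
MNTNER = "mntner: LPJ\nauth: PGP-FROM lpj at merit.edu\nmnt-by: LPJ\n"
SIGNED_MAIL = ("From: Laurent Joncheray <lpj at merit.edu>\n"
               "Subject: test 26\n\nbody\n")
# Mail that already carries X-pgp-* headers when it reaches the filter.
PRESET_HEADERS = ("From: someone\nX-pgp-signature: lpj at merit.edu\n"
                  "X-pgp-error: 0\n\nbody\n")

if __name__ == "__main__":
    good = mark_verified(SIGNED_MAIL, "lpj at merit.edu", 0)
    bad = mark_verified(PRESET_HEADERS, None, 1)  # 1: constructed failure code
    print(authorized(good, MNTNER), authorized(bad, MNTNER))
```
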